A sample PAP secrets file might look like this:
# /etc/ppp/pap-secrets
#
# user server secret addrs
vlager-pap c3po cresspahl vlager.vbrew.com
c3po vlager DonaldGNUth c3po.lucas.com
The first line is used to authenticate ourselves when talking to
c3po. The second line describes how a user named c3po has
to authenticate itself with us.
The name vlager-pap in column one is the user name we send to c3po. By default, pppd will pick the local hostname as the user name, but you can also specify a different name by giving the user option, followed by that name.
When picking an entry from the pap-secrets file for authentication with the peer, pppd has to know the remote host's name. As it has no way of finding that out, you have to specify it on the command line using the remotename keyword, followed by the peer's hostname. For instance, to use the above entry for authentication with c3po, we have to add the following option to pppd's command line:
# pppd ...domain vbrew.com
In the fourth field (and all fields following), you may specify what
IP-addresses are allowed for that particular host, just as in the CHAP
secrets file. The peer may then only request addresses from that list.
In the sample file, we require c3po to use its real IP-address.
Note that PAP is a rather weak authentication method, and it is suggested you use CHAP instead whenever possible. We will therefore not cover PAP in greater detail here; if you are interested in using PAP, you will find some more PAP features in the pppd(8) manual page.